CISA Certification MCQ Multiple Choice Questions - Page 2 for Practice

Q: 31. What does COBIT stand for?

Correct Answer is: Control Objectives for Information and Related Technologies

Q: 32. Which audit approach focuses on areas with the highest risk?

Correct Answer is: Risk-Based Auditing

Q: 33. What is inherent risk?

Correct Answer is: Risk existing before controls

Q: 34. What is residual risk?

Correct Answer is: Risk remaining after controls

Q: 35. Which document formally defines audit scope and objectives?

Correct Answer is: Audit Charter

Q: 36. What is the purpose of an audit trail?

Correct Answer is: Record activities for accountability

Q: 37. Which control ensures data accuracy during processing?

Correct Answer is: Input Validation

Q: 38. What is the primary objective of information security?

Correct Answer is: Confidentiality, Integrity, and Availability

Q: 40. Which principle ensures systems are accessible when needed?

Correct Answer is: Availability

Q: 41. What is business continuity planning (BCP)?

Correct Answer is: Ensuring critical operations continue during disruptions

CISA Certification MCQ Questions for Practice

31. What does COBIT stand for?

Control Objectives for Information and Related Technologies
Certified Objectives for IT
Central Operations for IT
Computer Operations Business Information Technology

32. Which audit approach focuses on areas with the highest risk?

Random Auditing
Risk-Based Auditing
Financial Auditing
Compliance Auditing

33. What is inherent risk?

Risk after controls are applied
Risk existing before controls
Risk transferred to vendors
Risk accepted by management

34. What is residual risk?

Risk eliminated completely
Risk remaining after controls
Risk transferred externally
Audit risk

35. Which document formally defines audit scope and objectives?

Audit Charter
Firewall Policy
SLA
Business Case

36. What is the purpose of an audit trail?

Increase performance
Record activities for accountability
Store backups
Encrypt data

37. Which control ensures data accuracy during processing?

Input Validation
Antivirus
Firewall
VPN

38. What is the primary objective of information security?

Speed
Confidentiality, Integrity, and Availability
Profitability
Scalability

39. Which principle ensures information is accurate and complete?

Availability
Confidentiality
Integrity
Authentication

40. Which principle ensures systems are accessible when needed?

Confidentiality
Availability
Integrity
Nonrepudiation

41. What is business continuity planning (BCP)?

Managing audits
Ensuring critical operations continue during disruptions
Developing software
Monitoring networks

42. What is disaster recovery planning (DRP)?

Preventing disasters
Restoring IT services after disruption
Performing audits
Training employees

43. Which metric measures acceptable data loss?

MTTR
RTO
RPO
KPI

44. Which metric defines acceptable downtime?

45. What does RTO stand for?

Recovery Time Objective
Response Time Objective
Recovery Transfer Objective
Risk Tolerance Objective

46. What does RPO stand for?

Recovery Point Objective
Risk Process Objective
Recovery Procedure Objective
Resource Planning Objective

47. Which type of backup copies all selected data?

Incremental
Differential
Full Backup
Snapshot

48. Which backup type stores changes since the last backup?

Full
Incremental
Archive
Mirror

49. What is change management designed to control?

Software sales
System modifications
Employee hiring
Vendor contracts

50. What is the purpose of user acceptance testing (UAT)?

Audit security
Verify business requirements are met
Encrypt applications
Backup databases

51. Which environment is used for live business operations?

Development
Testing
Production
Staging

52. Which control reduces the risk of unauthorized system changes?

Change Approval Process
Antivirus
Load Balancer
VPN

53. What is a key objective of project governance?

Increase coding speed
Ensure projects meet business goals
Eliminate testing
Reduce documentation

54. What is the purpose of a Service Level Agreement (SLA)?

Define service expectations
Audit databases
Encrypt communications
Configure firewalls

55. Which audit evidence technique involves observing processes?

Observation
Inspection
Recalculation
Confirmation

56. What is compliance auditing?

Auditing financial records only
Evaluating adherence to regulations and policies
Managing vendors
Monitoring networks

57. Which regulation focuses on personal data protection in Europe?

HIPAA
PCI DSS
GDPR
SOX

58. What is the primary focus of PCI DSS?

Cloud Security
Payment Card Security
Healthcare Data
Government Systems

59. Which law focuses on corporate financial reporting controls?

GDPR
SOX
HIPAA
PCI DSS

60. What is the purpose of logical access controls?

Restrict physical entry
Restrict system access
Monitor temperature
Control electricity